package SV_SQL;
import jakarta.servlet.http.*;
public class Vulnerable_02 {
    public ResultSet getUserData(ServletRequest req, Connection con) throws SQLException {
        // Source of data from HTTP request in servlet
        String accountNumber = req.getParameter("accountNumber");
        // Use of string in SQL statement
        String query = "SELECT * FROM user_data WHERE userid = '" + accountNumber + "'";
        Statement statement = con.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
        ResultSet results = statement.executeQuery(query);
        return results;
    }
}
